The open_id_authentication plugin will require the gem automatically so it doesn't need to be added to environment.rb

Changed the version requirement on the open_id_authentication to match the latest stable version. Rails config.gem looks for a directory named after that specific version and will not load newer versions.

Another vote from me. I come from an enterprise environment where OpenID could solve SSO for our internal network/intranet in one swoop, using openid-ldap on top of our existing Active Directory. This will be a lot easier to handle in the long run than integrating each and every app through apache+kerberos or ldaps.

I'd like to add OpenID login and registrations in Redmine. I get several collaborators on my projects and it would make things a lot easier if they could use OpenID to signup. I'm hoping to get this into 0.8 but I'm not promising anything yet.

I've added OpenID support to Redmine. It's optional and by default is turned off. To turn it on, go to the Administration panel > Authentication and select the OpenID checkbox. When enabled this will allow users to login through their OpenID url.

I did some refactoring to AccountController in order to reduce the duplication.

The openid rubygem is included in vendor/gems

The open_id_authentication plugin is included in vendor/plugins

We might want to refactor OpenID to act like an AuthSource later. Right now AuthSources are assumed to be LDAP and since I don't have a LDAP server to test with I didn't go that route and potentially break LDAP logins.

I'm pretty sad to see that this feature got integrated into the core.IMHO, it's a marginal feature. Adding dependencies and bundling gems in vendor/plugins doesn't make the application easier to maintain.

That's exactly the kind of thing that I'd like to see implemented as a plugin. Eric, you made a great job on plugins, why didn't you give it a try ? Having a plugable authentication would be a much better solution.

For what it's worth, I'm happy to see it in core. While not a Redmine developer, as a user it's great to have this out of the box. One of the problems I've been running into is that people just don't want to create yet another account on some random Web site (i.e., mine). I actually had a partner on an open source project opt to go with Lighthouse and Google groups because of the hurdle in creating yet another account on yet another site.

That's not to say that it couldn't work as a plugin, but I don't want to have to spend an inordinate amount of time to make the system usable. I also suspect this would get used more than the LDAP integration would by the general populace.

I'm pretty sad to see that this feature got integrated into the core.IMHO, it's a marginal feature. Adding dependencies and bundling gems in vendor/plugins doesn't make the application easier to maintain.

I'm sorry you feel that way. I've spoken to numerous people on IRC and in real life and every one of them agreed that it would be a great feature for the core. Lowering the barrier to entry for new users makes the system as a whole easier to get started with.

That's exactly the kind of thing that I'd like to see implemented as a plugin. Eric, you made a great job on plugins, why didn't you give it a try ? Having a plugable authentication would be a much better solution.

Frankly, the authentication code is all over the place and it wouldn't be possible to have a pluggable authentication without replacing a ton of core code (thus the risk of large breaking bugs). While putting OpenID in, I managed to clean up some of the code but it's still pretty messy in there. I'd be happy to pull OpenID out to a plugin once the core can support it as a plugin. I'd propose we revisit pulling OpenID (and other features you've mentioned) out to plugins once the core has a stronger API to support them.

Kevin Menard wrote:

That's not to say that it couldn't work as a plugin, but I don't want to have to spend an inordinate amount of time to make the system usable. I also suspect this would get used more than the LDAP integration would by the general populace.

I've seen the same, OpenID is used more often in the public than LDAP (but LDAP is used more often on private intranets).